Cybercriminals are quick to adapt to any changes in the digital landscape and the massive growth in smartphone use has provided these crooks with the perfect platform to launch targeted mobile phishing attacks.
In 2018, 52.2% of all worldwide online traffic was generated through mobile phones, and research from Return Path found that 55% of emails are now opened on a mobile device.
Not one to miss a trick, the criminals have followed the traffic and launched a wave of mobile phishing attacks which are proving to be even more successful at conning people than traditional email-based scams.
In the last five years alone, there has been a massive 85% increase on mobile phishing attacks and this has highlighted the security shortcomings of mobile, and demonstrated that users need to be extra vigilant against phishing attacks on this particular platform.
Why are mobile phishing attacks so successful?
There are a range of reasons why phishing attacks are proving to be so successful and difficult to detect on mobile, these include:
1. Mobile Interface
Unlike desktop, the mobile interface conceals a lot of red flags that would highlight a potential phishing attack. On desktops, users can check the validity of a web address by hovering their mouse over a link to see if it’s legitimate. On a mobile, this option’s not available making it increasingly difficult to detect if a link is malicious or not. Other protective measures such as traditional firewalls, secure email gateways and endpoint protection are unavailable on mobile, making it much easier for criminals to attack undetected.
2. SMS, Messaging apps and social media
Cybercriminals aren’t just restricted to email-based phishing on mobile, the platform has opened up a host of other entry points to launch attacks. Social media and messaging apps are fast becoming the most popular delivery methods, with a 170% increase in messenger app phishing, and a 102% increase in social app phishing from 2017 to 2018. Users tend to be less suspicious about links on social media and criminals have been quick to take advantage of this lapse in security to launch attacks on popular networks such as Facebook, LinkedIn and Instagram.
3. Personal and business use of phones
Mobiles are increasingly used for both personal and business use, making them a very attractive target for cybercriminals. If the fraudsters can trick someone into clicking on a malicious link on a personal app, then it provides them with easy access to confidential work information, as well as free reign on the individual’s phone.
How can you prevent Mobile phishing?
The increase in attacks has demonstrated that mobile users are significantly less savvy to the growing range of threats on this particular platform. This has enabled criminals to move quickly and take advantage of new techniques and technologies to launch targeted scams.
Despite the challenges faced, there are a range of protective measures that can be adopted to reduce the chance of falling for a mobile phishing scam, these include:
- Use official apps: Users should only download apps from recognised and trusted app stores
- Security awareness training: Whether it’s desktop or mobile, it’s vital that staff are trained to identify and respond to the growing range of cybersecurity threats
- Safe browsers: Users should only use browsers with security features installed, (ex: chrome mobile) that will eliminate malware and phishing sites
- Bookmarks: Bookmarks will prevent against landing on unknown pages
- Anti-virus software for mobile – There are a range of anti-virus software solutions for mobiles that will eliminate malicious activity
Related articles:
What to do if you click on a Phishing Link
10 signs your smartphone has been hacked
MetaPhish provides a powerful defence against phishing and ransomware attacks by training employees to identify and respond appropriately to these threats. Get in touch for further information on how we can help protect your business.
